LegacyExchangeDN, NDR and Outlook Cache

Prevent the NDR error "Delivery has failed to these recipients or distribution lists", which occurs when the legacyExchangeDN for an Exchange object is not found because of old Outlook cache entries. There are many times when an Exchange administrator has to delete and recreate a person’s email account with the same name but a different SMTP email address. Consider the following scenario:

Let’s assume we have a large corporation named Company-A with an Exchange email network, and they own and operate a completely separate subsidiary called Company-Z, which happens to have its own email network. John Smith (user) works for Company-A but has been promoted to another position at subsidiary Company-Z. Once John Smith (JSmith) has his new account and email address at his new company and turns in his old Company-A laptop, he’d like to continue corresponding with folks from Company-A without interruption. Therefore, the Exchange administrator deletes the Exchange mailbox for JSmith (jsmith@company-a.com) and creates a “Contact” which points to JSmith@company-z.com. This would all work fine unless you are using the Outlook Auto-Complete function. Outlook Auto-Complete, sometimes also referred to as the cache, remembers whom you’ve sent email to and lets you type just a few characters of the person’s name in the To: field, then auto-fills the full name. This saves people the time of having to either type in the entire email address or select the name from the Global Address List (GAL). This is very common, and almost every Exchange environment using Outlook as its client uses this functionality.

If someone from Company-A tries to send John Smith an email using their cached Outlook entry, they will receive the following non-delivery report:

Delivery has failed to these recipients or distribution lists

Sent by Microsoft Exchange Server 2010
Diagnostic information for administrators:
Generating server: exssrvr01.company-a.com
IMCEAEX-_O=COMPANY=EXCHANGE_CN=RECIPIENTS_CN=jsmith@company-a.com
#550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##

Why? The reason has to do with the legacyExchangeDN attribute. Whenever you delete mailboxes and replace them with contacts, or vice versa, anyone who has a cached entry in Outlook for the deleted mailbox will receive Non-Delivery Reports (NDR’s). This is because Exchange still uses the legacyExchangeDN attribute under the covers to route email internally. It does not use the SMTP address internally. Creating a new contact or mailbox creates a new X500 address.

Therefore in our scenario, if a user has a cached value of jsmith@company-a.com, it will be pointing to the old legacyExchangeDN value and thus will return an NDR. The quick fix is for folks to manually delete the cached entry from Outlook. This is done by typing a few letters of the person’s name in the To: field and then selecting the “X” in the drop-down to delete the cached entry. Finally, they will have to pick the person’s name from the GAL one time only for Outlook to re-cache the new entry. However, not all associates know how to do this and this scenario can cause many help desk calls. Also, this can cause a delay in email delivery to the transferred associate, which if it is a high level executive, usually does not bode well.

The solution is to preserve the old legacyExchangeDN value and add it to the new Contact Exchange object for jsmith@company-z.com. The rest of this article describes a step-by-step process that can be used to prevent NDR’s when changing legacyExchangeDN attributes.

1. Select the proper time to do this. Wait for a weekend so that you allow enough time for the changes to replicate the GAL around the organization

2. Export the jsmith@company-a.com mailbox as a backup before deleting it by opening the Exchange Management Shell and typing the command:
New-MailboxExportRequest -Mailbox <mailbox> -FilePath \\server\share\<username>.pst
(e.g.) New-MailboxExportRequest -Mailbox jsmith -FilePath \\FPSrvr01\share\jsmith.pst

3. Record the legacyExchangeDN information for the mailbox/contact being deleted. The best way to do this is to export the information from Active Directory using a tool such as DoveStone or any other preferred method. Make sure to export the legacyExchangeDN field. You will need this information later. The legacyExchangeDN format is similar to the following:

/o=Organization/ou=Exchange Administrative group/cn=Recipients/cn=user

4. Delete the old mailbox/contact of the user who is transferring (jsmith@company-a.com)

5. Create a new contact for the transferred associate with their new email address (jsmith@company-z.com)

6. Once the new contact is created, right-click it and select Properties. Select E-Mail Addresses. Select the drop-down to Add a Custom Address

7. In the E-Mail Address field, copy and paste the legacyExchangeDN value that you exported in step 3. In the E-Mail Type field, type X500 and select OK
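
Steps 3 through 7 can also be run from the Exchange Management Shell. The script below is an added example, not part of the original article; the alias, new address and record path are constructed sample values, and it assumes the export request from step 2 has already been submitted.

```powershell
# Added example: run in the Exchange Management Shell.
# $Alias, $NewAddress and $RecordPath are constructed sample values.
$Alias      = 'jsmith'
$NewAddress = 'jsmith@company-z.com'
$RecordPath = "C:\Temp\$Alias-legacyExchangeDN.csv"

# Step 2 check: refuse to continue unless the PST export has finished.
$export = Get-MailboxExportRequest -Mailbox $Alias |
          Where-Object { $_.Status -eq 'Completed' }
if (-not $export) { throw "No completed export request for $Alias; finish step 2 first." }

# Step 3: record the legacyExchangeDN before anything is deleted.
$mbx   = Get-Mailbox -Identity $Alias -ErrorAction Stop
$oldDN = $mbx.LegacyExchangeDN
if ([string]::IsNullOrEmpty($oldDN)) { throw "legacyExchangeDN is empty for $Alias." }
$mbx | Select-Object DisplayName, Alias, PrimarySmtpAddress, LegacyExchangeDN |
    Export-Csv -Path $RecordPath -NoTypeInformation

# Step 4: delete the old mailbox. Remove-Mailbox prompts for confirmation
# and also removes the associated Active Directory user account.
Remove-Mailbox -Identity $Alias
if (Get-Mailbox -Identity $Alias -ErrorAction SilentlyContinue) {
    throw "Mailbox $Alias still exists; the contact was not created."
}

# Step 5: create the contact that points at the new address.
$contact = New-MailContact -Name $mbx.DisplayName -Alias $Alias `
                           -ExternalEmailAddress $NewAddress

# Steps 6-7: add the recorded value as an X500 proxy address.
# @{Add=...} appends to the existing addresses instead of replacing them.
Set-MailContact -Identity $contact.Identity -EmailAddresses @{ Add = "X500:$oldDN" }

# Verify that the contact now carries the old legacyExchangeDN.
$x500 = (Get-MailContact -Identity $contact.Identity).EmailAddresses |
        Where-Object { "$_" -eq "X500:$oldDN" }
if ($x500) {
    Write-Host "X500 address present on $($contact.Name): $x500"
} else {
    Write-Warning "X500 address missing; re-add it from $RecordPath."
}
```

The CSV written in step 3 is the only copy of the old value once the mailbox is gone, so keep it with the PST backup.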

This should prevent those nasty NDR’s every time you find yourself having to delete and recreate Exchange objects with the same names. Please note, this can get old very quickly, especially if you have thousands of users and lots of movement. You may want to set a policy of performing this process for high level executives only. As for the rest, just have them send a quick email to the majority of folks they correspond with which includes instructions on how to delete their old Outlook cached entry.

Below is a really good post explaining the link between the legacyExchangeDN attribute and Outlook’s Auto-Complete cache. I think it’s worthwhile to read. It gives you a great explanation of why Microsoft Exchange used the legacyExchangeDN and how it all works.

NDR’s and the legacyExchangeDN

George Almeida

Welcome to my little corner of the blogosphere. I'm an Information Technology Director. I specialize in Windows operating systems, applications, servers, storage, networks and also have a technical background on the IBM iSeries platform. My only purpose for this blog is the hope that it helps someone, someday, somewhere. Any meager proceeds derived from our sponsors will be donated to charity.

4 Comments
khalil
8 years ago

I am really in trouble with this ExchangeLegacyDN and NDRs every day, as we have a mixed environment, local and Rackspace Exchange servers. My query is how we can fix the issue for a bulk of users at once. Need your kind help.

Bob
6 years ago

Just wanted to thank you for posting an actual screen shot of the X500 address. Thank You!
